svcready | a9f95fd06a5444a4c5d0d4c553a81a4f5f421aea9e07f2bb6b270183f19b7a49 | Triage

Resubmissions

31-08-2022 20:26

220831-y73vvsbcfr 10

21-07-2022 06:01

220721-gq558adfdn 10

20-07-2022 17:02

220720-vj4wgacebl 10

Analysis

max time kernel
148s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
31-08-2022 20:26

Sharing

Report Analysis Logs

General

Target

svc.dll
Size

1.2MB
MD5

5a800c0c43e7ef2abca922ef59cbdb57
SHA1

541127b4c63917a8ad767cc5f9f7cb2f3ba35a4a
SHA256

a9f95fd06a5444a4c5d0d4c553a81a4f5f421aea9e07f2bb6b270183f19b7a49
SHA512

7d9bd3461fa5182f7b998253972f1916fb0adde7c55ae078b13db7af9ee1ed86881b2ffe9dfd8ed9e163323f38775b5ae0ea7d8d8e2658dba0f5aff161752f5e
SSDEEP

24576:tvYZQAI/107QOq8flhywxenHOeI/TaL19sHW+yp59aRph/rpDcbzWROTq:tv

Score

10^/10

svcready loader

Malware Config

Signatures

Detects SVCReady loader 1 IoCs

resource	yara_rule
behavioral2/memory/4220-133-0x0000000010000000-0x0000000010091000-memory.dmp	family_svcready

SVCReady
SVCReady is a malware loader first seen in April 2022.
loader svcready

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4768 wrote to memory of 4220	4768	regsvr32.exe	83
PID 4768 wrote to memory of 4220	4768	regsvr32.exe	83
PID 4768 wrote to memory of 4220	4768	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\svc.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4768
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\svc.dll
  2⤵
  PID:4220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4220-133-0x0000000010000000-0x0000000010091000-memory.dmp

Filesize
580KB

Download